RESOLVED FIXED 42817
Web Inspector: don't grant universal access to inspector front-end page 
https://bugs.webkit.org/show_bug.cgi?id=42817
Summary Web Inspector: don't grant universal access to inspector front-end page
Andrey Kosyakov
Reported 2010-07-22 04:47:34 PDT
We used to call SecurityOrigin::grantUniversalAccess() for inspector front-end page. This does not seem to be necessary anymore, so I suggest to remove it for slightly tighter security control.
Attachments
patch (2.72 KB, patch)
2010-07-22 04:50 PDT, Andrey Kosyakov 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Andrey Kosyakov
Comment 1 2010-07-22 04:50:54 PDT
Created attachment 62286 [details] patch
Yury Semikhatsky
Comment 2 2010-07-22 05:39:07 PDT
Comment on attachment 62286 [details] patch WebKit/chromium/src/WebDevToolsFrontendImpl.cpp:  + SecurityOrigin* origin = m_webViewImpl->page()->mainFrame()->domWindow()->securityOrigin(); IIRC we needed this to be able to set iframe content. It shouldn't be necessary with new SourceFrame implementation.
WebKit Commit Bot
Comment 3 2010-07-22 09:39:49 PDT
Comment on attachment 62286 [details] patch Clearing flags on attachment: 62286 Committed r63896: <http://trac.webkit.org/changeset/63896>
WebKit Commit Bot
Comment 4 2010-07-22 09:39:54 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.